difference here between a bad passphrase and a cipher algorithm that we
don't have, so use a error message that makes that clear. Use the actual
list of ciphers when checking whether a cipher is invalid. Return error
if the decrypted cipher algorithm is invalid. (proc_symkey_enc): In a
mixed passphrase/pk message, if a valid dek already exists from decrypting
via pk, do not try to process the passphrase. (proc_symkey_enc): Indicate
when we're decrypting a session key as opposed to decrypting data. If a
passphrase is invalid, discard the dek so we'll keep trying.
* encode.c (encode_simple): Allow for 32 bytes (256 bits) of symmetrically
encrypted session key. Use --s2k-cipher-algo to choose cipher, rather
than --cipher-algo. This code is never actually called in stable, but
better to fix it here in case we branch in the future.
* parse-packet.c (parse_subkeyenc): Call it a "symmetrically encrypted
session key" since "session key decryption key" is just baffling. Neaten
--list-packets output.
* pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning unless
--quiet is set.
--encrypt-files (plus --verify-files, --decrypt-files).
* encode.c (use_mdc), g10.c (main): Use RFC1991 and RFC2440 directly to
check for MDC usability. Do not set the force_mdc or disable_mdc flags
since there is no point any longer.
explain the roundrobin a bit better.
* sig-check.c (check_key_signature2), import.c (import_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, collapse_uids,
merge_blocks): Make much quieter during import of slightly munged, but
recoverable, keys. Use log_error for unrecoverable import failures.
* sign.c (mk_notation_and_policy): Making a v3 signature with notations or
policy urls is an error, not an info (i.e. increment the errorcount).
Don't print the notation or policy url to stdout since it can be mixed
into the output stream when piping and munge the stream.
Provide a signing-key-is-revoked flag. Change all callers.
* status.h, status.c (get_status_string): New REVKEYSIG status tag for a
good signature from a revoked key.
* mainproc.c (do_check_sig, check_sig_and_print): Use it here.
* import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare actual
signatures on import rather than using keyid or class matching. This does
not change actual behavior with a key, but does mean that all sigs are
imported whether they will be used or not.
check_key_signature2): Allow passing NULLs for unused parameters in the x2
form of each function to avoid the need for dummy variables. getkey.c,
mainproc.c: Change all callers.
the primary key if the key making the signature is the primary key.
* parse-packet.c (parse_signature): No need to reserve 8 bytes for the
unhashed signature cache any longer.
and signer's primary fingerprint (%p).
* tdbio.h, tdbio.c (create_version_record, tdbio_write_nextcheck,
tdbio_read_record, tdbio_write_record): Force a 0 into the trust_model
field. This is to help smooth the 1.2->1.4 switchover, as otherwise a 1.4
trustdb could be rebuilt as classic on 1.2 while still claiming to be a
non-classic trust model.
question. (menu_expire): When changing expiration dates, don't replace
selfsigs on revoked uids since this would effectively unrevoke them.
There is also no point in replacing expired selfsigs. This is bug #181.
* g10.c (main): Add --rfc2440 alias for --openpgp since in a few months,
they won't be the same thing.
* keyedit.c (sign_uids): Do not allow signing a user ID without a
self-signature. --expert overrides.
* options.skel: Use subkeys.pgp.net as the default keyserver.
* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.
listing secret keys since they can be incorrect and/or misleading. This
is a temporary kludge, and will be handled properly in 1.9/2.0.
* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we have
struct sigaction. This is for Forte c89 on Solaris which seems to define
only the function call half of the two pairs by default.
(pause_on_sigusr): Typo. (do_block): If we can't use sigprocmask() and
sigset_t, try to get the number of signals from NSIG as well as MAXSIG,
and if we can't, fail with an explanation.
behavior as revoked uids).
* mainproc.c (print_notation_data, check_sig_and_print): Only show the
"key available from" preferred keyserver line if the key is not currently
present.
they at least handle subkeys correctly.
* mainproc.c (print_notation_data), parse-packet.c (dump_sig_subpkt,
parse_one_sig_subpkt, can_handle_critical): Add read-only support for
preferred keyserver subpackets. They're basically policy URLs with a
different name.
* g10.c (main): Add "--set-notation" as alias to "--notation-data" this is
to make things consistent with --set-policy-url meaning both sigs and
certs.
bug in the old version that did not handle report syntax errors after a
valid entry.
* import.c (parse_import_options), export.c (parse_export_options): Call
it here instead of duplicating the code.
--with-colons mode. Actually translate "Keyring" string.
* mainproc.c (proc_tree): We can't currently handle multiple signatures of
different classes or digests (we'd pretty much have to run a different
hash context for each), but if they are all the same, make an exception.
This is Debian bug #194292.
* sig-check.c (check_key_signature2): Make string translatable.
* packet.h, getkey.c (fixup_uidnode): Mark real primary uids differently
than assumed primaries.
* keyedit.c (no_primary_warning): Use the differently marked primaries
here in a new function to warn when an --edit-key command might rearrange
the self-sig dates enough to change which uid is primary. (menu_expire,
menu_set_preferences): Use no_primary_warning() here.
* Makefile.am: Use @DLLIBS@ for -ldl.
getkey.c, keydb.c, openfile.c, plaintext.c, status.c, gpgv.c, keygen.c,
options.h, sig-check.c, tdbio.h, encode.c, hkp.c, mainproc.c,
parse-packet.c, signal.c, textfilter.c: Edit all preprocessor instructions
to remove whitespace before the '#'. This is not required by C89, but
there are some compilers out there that don't like it.
* progress.c (handle_progress)
* encode.c (encode_simple,encode_crypt): Make sure that a filename
of "-" is considered to be stdin so that iobuf_get_filelength
won't get called. This fixes bug 156 reported by Gregery Barton.
revoked/expired/etc uids for non-colon key listings. This is for
consistency with --show-photos.
* main.h, keylist.c (dump_attribs), mainproc.c (check_sig_and_print): Dump
attribs if --attrib-fd is set when verifying signatures.
Just in case someone forgets to clear the whole key.
* getkey.c (merge_selfsigs_main): Add an "if all else fails" path for
setting a single user ID primary when there are multiple set primaries all
at the same second, or no primaries set and the most recent user IDs are
at the same second, or no signed user IDs at all. This is arbitrary, but
deterministic.
* exec.h, photoid.h: Add copyright message.
--pgpX, etc. options. This is the same as --no-XXXX for those options.
* packet.h, getkey.c (skip_disabled), keylist.c (print_capabilities): New
"pk_is_disabled" macro to retrieve the cached disabled value if available,
and fill it in via cache_disabled_value if not available.
* trustdb.h, gpgv.c (is_disabled), trustdb.c (is_disabled): Rename to
cache_disabled_value. Cache the result of the check so we don't need to
hit the trustdb more than once.
* trustdb.c (get_validity): Cache the disabled value since we have it
handy and it might be useful later.
